The present invention, in some embodiments thereof, relates to vehicle data communication networks and, more specifically, but not exclusively, to systems and methods for detecting malicious activity in vehicle data communication networks.
A connected car is a road vehicle equipped with one or more sets of communications systems: Internet access, an internal network, and wireless communication capabilities, which enable the car to route its connection access (sometimes referred to as vehicle-to-Internet, or V2I) to other devices that are installed inside—and possibly outside—of the vehicle. Alongside these typically there is the controller area network (CAN) bus (or similar) used to interconnect the gamut of electronic control units (ECUs), sensors and actuators that form part of a vehicle's inner electronic workings. Increasingly, such cars are fitted with specific technologies that link into the Internet access or internal network to provide additional driver benefits: automatic notification of collisions, notification of excessive speeding, and other safety alerts, for example. There are two additional communications types that may supplement these: a vehicle-to-vehicle (V2V) technology that enables cars to communicate wirelessly and even maintain temporary networks between vehicles that can inform accident prevention, road hazards, and other driving intelligence; and Internet of Things (Vehicle-to-IoT or V2IoT), as a connected entity receiving data from external sources, and sharing data that it captures with remote third-parties for specific applications (traffic flow updates, for example).
While traditional safety and security telematics services such as eCall, bCall, stolen vehicle tracking, and remote diagnostics continue to roll out across the globe, focus is now starting to shift from the physical protection of vehicles, drivers and passengers to the security protection against cyber-attacks and intrusions, which, in turn could threaten the physical integrity of persons and the data that is transmitted for a vehicle. Security is expected to become ever more critical, dominating safety and security telematics. Security becomes an even bigger concern with autonomous vehicles, and even more so with driverless cars, in which software and connectivity plays a much bigger and more critical role for the safe driving of vehicles. The one- and two-way electronic communications systems that road vehicles have increasingly been equipped with over recent decades, such as radio receivers and transmitters, have been augmented by links to cellular voice/data devices and to satellite signals. In-vehicle infotainment networks, and the notion of cars-hot-spot, have been introduced by automotive OEMs (original equipment manufacturers) variously in recent years. These typically co-exist with the automotive control networks that enable the transit and exchange of data relating to the operation of the vehicle itself. The importance of identifying potential vulnerabilities or flaws in a connected car's communications and data systems that could be exploited by somebody seeking to hack into that vehicle's control mechanisms or other onboard technology and protecting such vehicles against interference or attack, has stepped up in the last five years, as cyberattack threats have become potentially more hazardous, and more aggressive.
An article Experimental Security Analysis of a Modern Automobile (2010) experimentally demonstrated that an informed attacker who is able to infiltrate ECUs can circumvent a broad array of safety critical systems. The article Comprehensive Experimental Analyses of Automotive Attack Surfaces (2011) proposes that remote exploitation of connected vehicles is feasible via a broad range of attack vectors (including mechanics tools, compact disc players, Bluetooth links, and cellular radio); and further, that wireless communications channels can allow remote vehicle control, location tracking, in-cabin audio ‘exfiltration’, and vehicle theft. The foreseeable exploits of the vehicle data integrity might lead to data theft, such as: online automotive apps and services that contain banking/credit records; congestion charge or toll payment information; general personal identification data; insurance and tax data—useful for identity theft; license plates and other vehicle registration data; vehicle location information; vehicle physical security data; extortion/denial-of-service threat; fraud and deception (altering or deleting schedule logs and records); freight and goods theft (activating false alarms that cause goods to be left unattended); immobilization; premises security and burglary—vehicle data that reveals businesses and homes are unoccupied and many others.
U.S. Pat. No. 7,797,737, Security for network-connected vehicles and other network-connected processing environments, appears to relate to a method and apparatus that provide security for a network-connected vehicle (or other networked environment) in which a predefined set of permitted operations relating to protected resources can be initiated remotely from elsewhere in the network, while security is maintained for the protected resources (for example, an engine performance optimization control unit or air conditioning control unit within a vehicle) by preventing remote initiation of any other operations on a data processing unit which is connected to the protected resources.
U.S. Patent Application 2013/0212659, Trusted connected vehicle systems and methods, appears to relate to systems and methods for facilitating a security and trust architecture in connected vehicles. In certain embodiments, a method for creating a trusted architecture in a connected vehicle may include generating a connected vehicle ecosystem map including information relating to a plurality of electronic control units and network connections included in the connected vehicle. Based on the vehicle ecosystem map, trusted relationships involving electronic control units may be identified. Trusted credentials may be generated and issued to electronic control units that meet one or more trust requirements. Using the trusted credentials, trusted communication within the connected vehicle may be achieved.